Bloomreach has released another round of brXM maintenance updates for both our enterprise customers and the open-source community: 15.1.3, 14.7.11, and 13.4.21
This maintenance release updates several dependencies that are related to the recently publicized “text4shell” vulnerability, CVE-2022-42889. Bloomreach has confirmed that the brXM product is not vulnerable, but we cannot rule out that customer code using this library may be. As a rapid-response precaution, we have updated the version of Apache Commons Text used by our product to 1.10.0, which operates in a safer way by default.
As usual, we recommend that all projects be kept up to date with our latest maintenance releases to stay current with security precautions. Thanks for helping to keep our community secure.